App Review Norton Security 360 Deluxe 2023

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

Shadowra

Level 32
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,181
Norton is a well known antivirus and also a behemoth in computer security, having acquired Avira and Avast.
Previously hated, it is now very appreciated, we will see together if Norton is still at the top or not.



Interface: 10/10

Norton offers a very simple and pleasant interface.
It is very family oriented because everything is at hand (settings, anti-malware analysis etc).
Norton has also undergone a small facelift in terms of color, the alerts are yellow and quite large, which I like a little less, I preferred its old alerts, more discreet.
Norton is still very light, we like that!

Protection:10/10 Web / Fake crack 1/1 Remains 10 threats on 78 malware / PC Infected after Malware Pack but blocked by Norton

On the URL test, Norton easily gets rid of URLs.
Surprisingly, it does not issue any alerts when its web protection blocks an infected file...

The fake crack was also detected.

On the pack, something I noticed directly, Norton was able to correct the deletion errors it used to encounter and is faster to delete!
Norton tried to defend itself and prove its efficiency and held on, until I ran a bloated file trapped by LapusClipper.
Norton will block the connection, but the system is still infected because it is present in memory despite Norton's blocking.


Result :
Norton: 0
KVRT : 5 - infection in memory !
ESET : 1 - Infection in memory


Recommand : Yes but in a family environment
System Clean : No system infected
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,631
Nice test (y)
Norton tried to defend itself and prove its efficiency and held on, until I ran a bloated file trapped by LapusClipper.
Norton will block the connection, but the system is still infected because it is present in memory despite Norton's blocking.
In this case, Norton always recommends to run Power Eraser which it did in your case also. You needed to run it and it would have detected the bloated file and after selecting delete and system restart, the malware wouldn't have stayed in memory any longer.
So, the system is protected because Norton IPS blocks the malware from doing any harm and Power Eraser would clean up the remaining mess.
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,631
You are telling me that Norton installed application needs an external/stand-alone tool (NPE) to clean up the system? 🙄🤦‍♂️
Yeah, that's how it is even though it's rather strange. Norton Power Eraser is their aggressive scanner and is installed with Norton. Not fully similar but think of it like Kaspersky's Advanced Disinfection. Like Kaspersky, Norton recommends this when it suspects it needs an aggressive cleanup method.
Pause the video on 3:44 to see it.
 

artek

Level 5
Verified
May 23, 2014
236
Yeah, that's how it is even though it's rather strange. Norton Power Eraser is their aggressive scanner and is installed with Norton. Not fully similar but think of it like Kaspersky's Advanced Disinfection. Like Kaspersky, Norton recommends this when it suspects it needs an aggressive cleanup method.
Pause the video on 3:44 to see it.
To be fair, the initial popup says "no further action is required." The prompt for power eraser only shows up when a user clicks for further details.
 

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
969
From Norton's behaviour at recent tests I can understand that:
  • IPS works wonders
  • AV is just good
  • FP's have fallen down
So,
  • For security industry known malware or malware that has a generally known/detectable behavior pattern, even unknown malware, vendors like BitDefender, Kaspersky Eset & Avast will definitely do better -> they can prevent infection
  • For malware difficult to catch even via BB/ML, IPS will still popup as it's a network inspection mechanism, and malicious network behaviour patterns are more difficult to hide
  • System will almost always be protected from leaking data as IPS blocks phone-home connections, this is the most important thing for financial malware & malware downloading payloads.
  • System can actually get infected, even if the malware cannot proceed to further actions, and it's not convenient to any degree
So, when there is an IPS detection for Norton, it's vital for the user to run NPE (fortunately included) and maybe some other scanners for disinfection. No malware will go unnoticed or send important data to third parties even the nasty ones.
But, all this can be true if IPS is really top notch and can detect anomalies (not just by network signatures), I cannot be sure about that, only assumptions from tests.
 
Last edited:

Trident

Level 26
Verified
Top Poster
Well-known
Feb 7, 2023
1,551
@Nikos751 you are correct about IPS. IPS signatures are quick to deploy and block huge variety of nasties, from exploits to scams, malware calling home and many others. IPS looks at how programs communicate and that changes less from threat to threat, if at all.

IPS is also extremely difficult to evade, unlike static analysis, dynamic analysis, behavioural blocking and many other methods.

Apart from IPS, Norton also blocks executable content in documents similar to CheckPoint/ZoneAlarm and that alone can suspend many attacks.

The observation that the antivirus is just good, I wouldn’t agree on that so much. The antivirus is top-notch but as all technologies aimed at identification of malicious code and not prevention (like sandboxing, HIPS, Application Control) it suffers natural limitations. The same limitations can be observed with all competing products.

Eset specifically, hasn’t been proven to be better than Norton in anything except if HIPS is enabled and set to a more aggressive level and that’s a parade of alerts.
 

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
969
@Trident Maybe you 're right, my concern is there because there are cases where IPS detects the malware and not the AV, while others have usually a detection from the AV/BB that is safer. I consider BB as complementary to the AV. I would still feel safe while IPS would prevent my actual data to be sent over though.
 

Trident

Level 26
Verified
Top Poster
Well-known
Feb 7, 2023
1,551
@Trident Maybe you 're right, my concern is there because there are cases where IPS detects the malware and not the AV, while others have usually a detection from the AV/BB that is safer. I consider BB as complementary to the AV. I would still feel safe while IPS would prevent my actual data to be sent over though.
Sometimes due to the IPS block, the program can’t continue with its malicious behaviour and this is the reason why it’s not picked up by other components.
This can be observed with other anti-bot components such as the Avast Resident Shield, Bitdefender Online Threat Defence, CheckPoint/ZoneAlarm Anti-Bot and others that block malicious traffic.

I am not sure what’s the reason for Symantec/Norton not to remediate programs instantly once they’ve generated an IPS-detected traffic, as far as I remember, Kaspersky System Watcher and Avast instantly remediate programs if there is traffic to a suspicious host. That, plus the program not being widely used and signed should be a clear evidence that it shouldn’t be left.

That’s one thing they really need to look at. For example CheckPoint can be configured to start incident remediation straight away.

Nevertheless, the traffic is blocked so it can’t do its harm. Power Eraser scan is advised to clean the infection. They should just start a background scan with it and remove everything.

I am not a product manager there sadly.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top